1.11 – Explain Software Guard Extensions (SGX)

Some modern Intel CPUs implement a security extension called Intel Software Guard Extensions. It’s a processor-specific technology for application developers who seek to protect select code and data from disclosure or modification. It allows user-level code to define private regions of memory and these are protected such that code running outside this region cannot access […]

1.10 – Describe the vSphere Trust Authority architecture 

vSphere Trust Authority enhances workload security. It associates an ESXi host’s hardware root of trust to the workload itself. It’s a set of services to satisfy high security requirements and you can ensure that sensitive workloads run only on ESXi hosts proven to have booted authentic software. You’ll have to “attest” your ESXi hosts, which […]

1.9.1 – Identify basic vSAN requirements(networking, disk count + type)

It requires: Minimum of three hosts to be part of the vSphere cluster and configured for vSAN A vSAN network One SAS or SATA host bus adapter or a RAID controller that is in passthrough mode or RAID 0 mode Local disks on each host that are pooled to create a virtual shared vSAN datastore. […]

1.9 – Describe the basics of vSAN as primary storage

VSAN clusters host-attached HDDs or SSDs and creates an aggregated datastore shared by VM’s. Features of vSAN: Shared storage support On-disk format All-flash and hybrid configurations Fault domains iSCSI target service Stretched cluster Supports Windows Failover Clusters vSAN health service vSAN performance service Integration with vSphere storage features VM storage policies Rapid provisioning Deduplication and […]

1.8 – Describe vSphere Lifecycle Manager concepts (baselines, cluster images, etc.)

vSphere Lifecycle manager automates the process of VMs and removing them from service at the appropriate time. It automatically places servers based on their location, org, environment, service level or performance levels. When a solution is found for a set of criteria, the machine is automatically deployed In previous iterations of vCenter this was called […]

1.7.4 – Manage Network I/O Control (NIOC) on a vSphere distributed switch

Use NIOC to allocate network bandwidth to business critical apps and to resolve situations where several traffic types compete for common resources. You’ll need an enterprise pluc license to use this and you can also create new Network Resource Pools if you want. It’s only available on a dSwitch Used to reserve bandwidth for system […]

1.7.3 – Describe networking policies

Policies that are set at the standard switch level apply to all port groups on the standard switch by default Available network policies: Security: protects against MAC address impersonation and unwanted port scanning Traffic shaping: Limit the amount of traffic to a VM or a group of VMs NIC teaming and failover: How traffic should […]

1.7 – Identify vSphere distributed switch and vSphere standard switch capabilities

standard switch Virtual switch that is configured for a single host Distributed switch Virtual switch that is configured for an entire datacenter Up to 2000 hosts can be attached Configuration is consistent across all attached hosts Hosts must have either an Enterprise Plus license or belong to a vSAN cluster VCenter server owns the config […]

1.6.5 – Describe datastore clusters

A datastore cluster is a collection of datastores with shared resources and a shared management interface. When you create the datastore cluster, you can use storage DRS to manage storage resources. vSphere DRS managed these storage resources Space utilization load balancing I/O latency load balancing Anti-affinity rules Datastore maintenance mode

1.6.4 – Describe vSphere High Availability

Provides a base level of protection for your VMs by restarting VMs if a host fails and enables a collection of ESXi hosts to work together to provide workload availability.  When vSphere HA is activated, an HA agent is installed on each host in the cluster. These agents communicate with each other to determine which […]